Explore the anatomy of a corporate hack in this 52-minute conference talk from Derbycon 2016. Delve into the world of cybersecurity as Sean Metcalf and Will Schroeder guide you through the process of attacking a fictional corporation, EvilCorp. Learn about various hacking techniques, including enumeration, local group manipulation, token stealing, and subversive profiles. Discover the intricacies of Kerberos exploitation and targeted compromise strategies. Examine the concept of Root CID 509 and its implications. Conclude with valuable insights on mitigations to protect against such attacks. Gain a comprehensive understanding of corporate hacking methodologies and defense mechanisms in this informative presentation.
Overview
Syllabus
Intro
About us
Shortcut
Digging Deeper
Enumerating
Get Local Group
Steal Tokens
Subversive Profiles
Kerberos Team
Targeted Compromise
Kerberos Service Ticket
Root CID 509
Mitigations